raycast-extension

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill includes explicit examples that fetch and ingest external web data (e.g., the "Fetch Data" example with fetch("https://api.example.com/data")) and AppleScript to read the browser's active tab URL (AppleScript section), so extensions built from this will read and render arbitrary public/untrusted web content as part of their workflow.